You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Here are some key observations to aid the review process:
⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 No relevant tests
🔒 Security concerns
Sensitive information exposure: The documentation describes configuration fields that may contain sensitive data (e.g., private keys, passwords, root certificates). While there are warnings and TODOs for linking to a secrets management page, ensure that users are clearly warned not to store secrets directly in configuration files and that secure handling practices are documented and linked.
Several fields (such as root_cas, tls.client_certs[].key, and tls.client_certs[].password) are documented as containing sensitive information, but the documentation only references a TODO for linking to the secrets page. Ensure that the documentation clearly instructs users not to store secrets directly in configuration files and that the referenced secrets documentation is available and linked.
<!-- TODO add secrets link :::warning SecretThis field contains sensitive information that usually shouldn't be added to a config directly, read our [secrets page for more info](/docs/configuration/secrets).::: -->
Type: `string`
Default: `""````yaml# Examplesroot_cas: |- -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----
tls.root_cas_file
An optional path of a root certificate authority file to use. This is a file, often with a .pem extension, containing
a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host
certificate.
Type: string
Default: ""
# Examplesroot_cas_file: ./root_cas.pem
tls.client_certs
A list of client certificates to use. For each certificate either the fields cert and key, or cert_file and key_file should be specified,
but not both.
A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete pbeWithMD5AndDES-CBC algorithm is not
supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an
attacker recover the plaintext.
</details>
<details><summary><a href='https://github.com/TykTechnologies/tyk-docs/pull/6548/files#diff-94556bfc041d6a47a54fae7e3b925b1aa6824dc87a668489a97f7c4df4f87baeR4301-R4700'><strong>Consistency and Clarity</strong></a>
There are minor inconsistencies in the output documentation, such as a repeated sentence in the introduction and some field descriptions that could be clarified (e.g., the difference between `type` and `exchange_declare.type`). Review for clarity and consistency to ensure users can easily understand and apply the configuration.
</summary>
```markdown
Sends messages to an AMQP (0.91) exchange. AMQP is a messaging protocol used by various message brokers,
including RabbitMQ.Connects to an AMQP (0.91) queue. AMQP is a messaging protocol used by various message brokers,
including RabbitMQ.
#### Common
```yaml
# Common config fields, showing default values
output:
label: ""
amqp_0_9:
urls: [] # No default (required)
exchange: "" # No default (required)
key: ""
type: ""
metadata:
exclude_prefixes: []
max_in_flight: 64
The metadata from each message is delivered as headers.
It's possible for this output type to create the target exchange by setting exchange_declare.enabled to true, if the exchange
already exists then the declaration passively verifies that the settings match.
TLS is automatic when connecting to an amqps URL, but custom settings can be enabled in the tls section.
The fields key, exchange and type can be dynamically set using function interpolations described here.
Fields
urls
A list of URLs to connect to. The first URL to successfully establish a connection will be used until the connection is closed.
If an item of the list contains commas, it will be expanded into multiple URLs.
Set the message ID of each message with a dynamic interpolated expression. This field supports interpolation functions.
Type: string
Default: ""
user_id
Set the user ID to the name of the publisher. If this property is set by a publisher, its value must be equal to the name
of the user used to open the connection. This field supports interpolation functions.
Type: string
Default: ""
app_id
Set the application ID of each message with a dynamic interpolated expression. This field supports interpolation functions.
Type: string
Default: ""
metadata
Specify criteria for which metadata values are attached to messages as headers.
Type: object
metadata.exclude_prefixes
Provide a list of explicit metadata key prefixes to be excluded when adding metadata to sent messages.
Type: array
Default: []
priority
Set the priority of each message with a dynamic interpolated expression. This field supports interpolation functions.
The maximum number of messages to have in flight at a given time. Increase this to improve throughput.
Type: int
Default: 64
persistent
Whether message delivery should be persistent (transient by default).
Type: bool
Default: false
mandatory
Whether to set the mandatory flag on published messages. When set if a published message is routed to zero queues, it is returned.
Type: bool
Default: false
immediate
Whether to set the immediate flag on published messages. When set if there are no ready consumers of a queue, then the message is dropped instead of waiting.
Type: bool
Default: false
timeout
The maximum period to wait before abandoning it and reattempting. If not set, wait indefinitely.
Type: string
Default: ""
tls
Custom TLS settings can be used to override system defaults.
Type: object
tls.enabled
Whether custom TLS settings are enabled.
Type: bool
Default: false
tls.skip_cert_verify
Whether to skip server side certificate verification.
Type: bool
Default: false
tls.enable_renegotiation
Whether to allow the remote server to repeatedly request renegotiation. Enable this option if you're getting the error message local error: tls: no renegotiation.
Type: bool
Default: false
tls.root_cas
An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate,
to possible intermediate signing certificates, to the host certificate.
An optional path of a root certificate authority file to use. This is a file, often with a .pem extension, containing
a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host
certificate.
Type: string
Default: ""
# Examplesroot_cas_file: ./root_cas.pem
tls.client_certs
A list of client certificates to use. For each certificate either the fields cert and key, or cert_file and key_file should be specified,
but not both.
A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete pbeWithMD5AndDES-CBC algorithm is not
supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an
attacker recover the plaintext.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User description
PR for https://tyktech.atlassian.net/browse/TT-14447
PR Type
Documentation
Description
Add comprehensive documentation for
amqp_0_9input configurationAdd detailed documentation for
amqp_0_9output configurationDocument all configuration fields, TLS options, and metadata usage
Provide YAML configuration examples for both input and output
Changes walkthrough 📝
stream-config.md
Add detailed AMQP 0.9 input/output documentation and configurationexamplestyk-docs/content/api-management/stream-config.md
amqp_0_9input, including allconfig fields, metadata, and usage examples.
amqp_0_9output, with all configfields, metadata handling, and YAML examples.
and message property settings.
input and output.